Security Bulletin: Vulnerability in OpenSSL affect Rational Tau (CVE-2016-2180)

2018-06-1705:17:27

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by Rational Tau. Rational Tau has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-2180**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115829> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

4.3, 4.3.0.1, 4.3.0.2, 4.3.0.3, 4.3.0.4, 4.3.0.5, 4.3.0.6, 4.3.0.6 Interim Fix 1, 4.3.0.6 Interim Fix 2, 4.3.0.6 Interim Fix 3, 4.3.0.6 Interim Fix 4, 4.3.0.6 Interim Fix 5, 4.3.0.6 Interim Fix 6, 4.3.0.6 Interim Fix 7

Remediation/Fixes

Upgrade to Rational Tau Interim Fix 8 for 4.3.0.6

Workarounds and Mitigations

None

CPENameOperatorVersion
rational taueq4.3
rational taueq4.3.0.1
rational taueq4.3.0.2
rational taueq4.3.0.3
rational taueq4.3.0.4
rational taueq4.3.0.5
rational taueq4.3.0.6